Whoever is trying to decrypt the data would have to start over on the decryption process. The two methods should use two different salt keys, which should produce two different results, assuming the algorithm is well designed. Ideally two different algorithms should be used between the container and the partition encryption.

Yes, you should use two different passwords.

Have you tried moving the disk to a different computer to make sure you can still decrypt the data? Preferably, a fresh one that can be destroyed after the test. DBAN is a good way to wipe a hard drive if you don't want to destroy it.

As long as you use two completely different (and sufficiently long) passphrases, yes it should be more secure. But I doubt it is really worth the effort; assuming you've used decent encryption software to begin with, you're going from "very secure" to "paranoid level of security".

The only legitimate reason I can think of for doing this would be if you don't trust anyone, and want to require that two specific people be present in order to decrypt the data. Give one of the passphrases to each person, and neither one can decrypt the data themselves. But you could also accomplish nearly the same thing by encrypting the data only once, and giving half of the passphrase to each person.

The years just pass like trains. I wave, but they don't slow down.-- Steven Wilson

It's not likely to be less secure, but that doesn't mean it's enough of an improvement to make it worth the trouble of a second password to keep track of. Also the standard recommendation is full disk encryption, which I think BitLocker can do, since then you don't need to worry as much about quirks in the operating system foiling your attempt to encrypt files.

OP: As mentioned in your original thread, there is no "100% absolute secure" encryption. Poor key management and other attack vectors (including the much more effective social engineering one) are always in effect. You can really just increase the time+effort+cost of brute-force decrypting the data against people who are doing it brute force. And for that, unless you are dealing with state-sponsored agencies, tools like TrueCrypt are usually good enough. I use TrueCrypt as well with key and password, and I make sure I keep them separate during transport (seriously all bets are off once the data is decrypted on the other end, unless the other end is not connected and you can erase the memories of the operator who touches the system).

The Model M is not for the faint of heart. You either like them or hate them.

just brew it! wrote: As long as you use two completely different (and sufficiently long) passphrases, yes it should be more secure. But I doubt it is really worth the effort; assuming you've used decent encryption software to begin with, you're going from "very secure" to "paranoid level of security".

He hasn't asked about blind drops and obfuscating communications or the origin of a package, so I don't think he's reached paranoid just yet.

Regarding plain old theoretical cryptographical attacks, i.e., a nice playing attacker that has your encrypted data and also knows some bits of the plaintext: Yes, somewhat.

- Does it make sense in real life? Only if you consider attackers at the level of large governmental institutions like the NSA, GCHQ, Mossad and whatever the Russians have. SUPPOSING those institutions have a VERY HIGH interest in your data, we are talking state secrets and nuclear launch codes here. If they do, you obviously have other problems.

- Would it make a difference? Do you have the (military) power to protect you from them physically? If not, see http://xkcd.com/538/.

Stop trying to evaluate the most secure way to encrypt some data. Any product you can use worth its salt will implement secure enough crypto. If you have enemies motivated enough to go for that data, they will NOT attack the crypto. They will attack:
- your PASSWORD (it's not your birthday, is it?),
- your systems, i.e., your network or even your PCs directly by installing a trojan or w/e,
- YOU.

just brew it! wrote: As long as you use two completely different (and sufficiently long) passphrases, yes it should be more secure. But I doubt it is really worth the effort; assuming you've used decent encryption software to begin with, you're going from "very secure" to "paranoid level of security".

The only legitimate reason I can think of for doing this would be if you don't trust anyone, and want to require that two specific people be present in order to decrypt the data. Give one of the passphrases to each person, and neither one can decrypt the data themselves. But you could also accomplish nearly the same thing by encrypting the data only once, and giving half of the passphrase to each person.

You are right about giving half of the passphrase, but that is not what I had in mind.

The more I read on this subject, the less convinced I am that there is one single piece of software that will do the job.

Can you comment on the following?

All of the software we discussed does only file system encryption OR folder encryption & does not encrypt the files themselves.

OP: As mentioned in your original thread, there is no "100% absolute secure" encryption. Poor key management and other attack vectors (including the much more effective social engineering one) are always in effect. You can really just increase the time+effort+cost of brute-force decrypting the data against people who are doing it brute force. And for that, unless you are dealing with state-sponsored agencies, tools like TrueCrypt are usually good enough. I use TrueCrypt as well with key and password, and I make sure I keep them separate during transport (seriously all bets are off once the data is decrypted on the other end, unless the other end is not connected and you can erase the memories of the operator who touches the system).

Thread spawning wasn't my intent at all & I sincerely apologize if it came out like that.

I am just exploring & experimenting with this subject with the true intent of learning & eventually using ideas from this great forum.

I am learning a lot from every response & am truly grateful to you all.

Don't connect to the internet. Don't send HDDs over mail/courier. Don't tell the other guy your secret. Don't even record the information electronically. Fry+scramble your brain cells so even you don't remember what the data is (if you just kill yourself, maybe there are residual patterns that can be extracted from the dead brain cells), or maybe just vapourize yourself. That will be 100% absolute.

But if you have to go that far, what's the point?


Flying Fox wrote: Fry+scramble your brain cells so even you don't remember what the data is (if you just kill yourself, maybe there are residual patterns that can be extracted from the dead brain cells), or maybe just vapourize yourself. That will be 100% absolute.

Ryu Connor wrote: FWIW, layering encryption to increase the time to compromise is what 3DES does.

Yes. But there's not much point unless you're using an obsolete (and therefore easier to crack) form of encryption like DES in the first place.

For the record, 3DES is now officially deprecated in the financial institution world. Doesn't mean it isn't still used, but it's day job time to go hunting for existing implementations and nicely ask them to get rid of it.

40- and 56-bit were still relevant even in the late 90s. It wasn't until 2000 or so that the limited export of cryptography was lifted, allowing 128-bit or greater encryption to leave the US. It wasn't until October of 2000 that AES finally won the competition to replace DES.

My point is that layering encryption has precedent as a method to improve difficulty. Taking 3DES and applying it to 2013 misses my point.

Since such pedantry is in the air, let me also detail that my statement doesn't mean I condone what dan99t is doing.

"Welcome back my friends to the show that never ends. We're so glad you could attend. Come inside! Come inside!"

Ryu Connor wrote: My point is that layering encryption has precedent as a method to improve difficulty. Taking 3DES and applying it to 2013 misses my point.

Perhaps you missed my point -- i.e., provided you're using a good (and current) encryption algo to begin with, there's generally no reason to double- or triple-encrypt. So unless he's worried about keeping the contents of this drive secure for several times the likely lifetime of the drive itself, there's little benefit.


Ryu Connor wrote: FWIW, layering encryption to increase the time to compromise is what 3DES does.

Yes. But there's not much point unless you're using an obsolete (and therefore easier to crack) form of encryption like DES in the first place.

For the record, 3DES is now officially deprecated in the financial institution world. Doesn't mean it isn't still used, but it's day job time to go hunting for existing implementations and nicely ask them to get rid of it.

Hi, while AES is a more secure and newer encryption standard, 3DES should be more than enough to protect even classified data: it provides 112 bits of security which, combined with the intrinsic resilience of the DES algorithm, should be very difficult to crack.

Do you have any reference pointing to financial institutions migrating away from 3DES? In my experience, while AES-128 is both stronger and faster than a plain software-based 3DES implementation, many mid-to-large corporations use VPN concentrators with hardware 3DES acceleration and so are reluctant to switch to other protocols.
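As an added worked estimate, not part of the thread, here is where the 112-bit figure for 3DES comes from and why cascading a cipher twice gains far fewer bits than the total key length suggests. Let $k$ be the key length of one layer in bits ($k = 56$ for DES), $E_K$/$D_K$ encryption/decryption under key $K$, and assume the attacker holds one known plaintext/ciphertext pair $(P, C)$.

One layer, exhaustive key search:
\[
T_1 = 2^{k}.
\]

Two layers, $C = E_{K_2}(E_{K_1}(P))$. A meet-in-the-middle search tabulates the middle value from both sides and looks for a match:
\[
\{\, E_{K_1}(P) : K_1 \in \{0,1\}^k \,\} \quad\text{vs.}\quad \{\, D_{K_2}(C) : K_2 \in \{0,1\}^k \,\},
\qquad
T_2 \approx 2^{k} + 2^{k} = 2^{k+1}, \quad M_2 \approx 2^{k}.
\]
So double DES costs about $2^{57}$ operations (with a $2^{56}$-entry table), not the $2^{112}$ that 112 bits of key material would suggest.

Three layers with three keys (3DES uses $E$-$D$-$E$, which changes nothing in the count), $C = E_{K_3}(D_{K_2}(E_{K_1}(P)))$. The best split is two keys on one side and one on the other:
\[
\{\, D_{K_2}(E_{K_1}(P)) : (K_1, K_2) \in \{0,1\}^{2k} \,\} \quad\text{vs.}\quad \{\, D_{K_3}(C) : K_3 \in \{0,1\}^k \,\},
\qquad
T_3 \approx 2^{2k} + 2^{k} \approx 2^{2k} = 2^{112} \text{ for } k = 56.
\]
That $2^{112}$ is the 112-bit security level quoted above, despite the 168 bits of key material.

For two passphrase-protected layers of a disk or container the same counting applies to the two passphrase search spaces, so the attacker's work is roughly the sum of the two searches, not their product; which is why the thread's advice to invest in the passphrases rather than in extra layers holds up.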

I feel that the primary purpose of data encryption is to keep honest people honest. It will not stop a determined group or individual from obtaining your data, or at least destroying the data (denial of service), and if you are paranoid enough you will probably have no back-ups.

Unless you have state and trade secrets on hand, you shouldn't have to go to great lengths to protect and encrypt your data. The vast majority can get by with standard encryption schemes and suites to protect their personal information, as long as you deal with parties that you can trust. Don't deal with shady emails and groups (phishing schemes).

Physical security is the final and most important layer of defence. It doesn't matter how good your encryption scheme is. An attacker who has sufficient motivation will circumvent the encryption or destroy the data out of spite.

One thing you could do if you just really want more than single-password encryption is look into TrueCrypt's hidden volume feature, where you can have an encrypted file/drive/whatever whose empty-space 'noise' is actually a second drive and which one you get when you mount the drive depends on which of two passwords you feed TrueCrypt. The idea is that you can load the outer volume with things that are embarrassing or socially deviant but not (or less) illegal in your jurisdiction so that if/when you are forced to reveal the password you can convincingly say that this is what you have. The crypto is never the weak point so plausible deniability is infinitely more useful than fretting about fancypants algorithms.

Another thing you could look at, depending on how much data you've got, is an enterprise-class secure USB stick with a hardware-based security system. I have a 4GB Lexar drive (sadly discontinued, it seems) that bricks itself after five incorrect attempts; it's not very big, but great for passwords and financial stuff. Obviously you need to be triply careful to remember the PW with one of these, since you can't just guess until you get the right one.